package myoa

class TaskController {

//----------level 2.1 by following access control----------
    //id for project id
    def create(Long id) {
        [project: Project.read(id)]
    }

    //id for project id
    def save(Long id) {
        Task t = new Task(params)
        t.traceCreate()
        if (t.save()) {
            flash.message = message(code: 'default.save.success')
            redirect(controller: 'project', action: 'show', id: id)
        } else {
            flash.message = message(code: 'default.save.failed')
            redirect(action: 'create', id: id)
        }
    }

//----------level 2.2 by following access control----------
    def edit(Long id) {
        [task: Task.read(id)]
    }

    def update(Long id) {
        Task t = Task.get(id)
        t.properties = params
        t.traceUpdate()
        if (t.save()) {
            flash.message = message(code: 'default.save.success')
            redirect(controller: 'project', action: 'show', id: t.project.id)
        } else {
            flash.message = message(code: 'default.save.failed')
            render(view: "edit", model: [task: t])
        }
    }


    def delete(Long id) {
        Task t = Task.get(id)
        t.delete()
        flash.message = message(code: 'default.delete.success', args: [t.id])
        redirect(controller: 'project', action: 'show', id: t.project.id)
    }
}
